Skip to Main Content

Phish Bowl

The UCLA Information Security Office advises faculty, staff, and students to be vigilant when opening emails from unknown, suspicious, or unexpected senders. Some of these messages can contain malicious content in the form of infected file attachments or attempts to steal personal information through carefully crafted social engineering campaigns.

These emails, collectively called "phishing emails," or "phishing scams," are designed to trick campus users into providing their passwords and other identifying information to attackers.  They can also be designed to extort money or trick users into navigating to fake login pages, which can sometimes mimic the look of well-known logon screens, like the UCLA Logon page.

If you find the suspicious email you received already recorded in the phish bowl, please mark the email as spam, and you're done. If it's not noted in the phish bowl, please mark it as phishing (instructions below) and forward it to Information Security Team. It will be added so others are aware of it.

If you have responded to a suspicious email and/or clicked on a link and entered any account or personal information, please immediately contact the IT Support Center  or your local departmental IT unit  and reset your account password  to prevent scammers from using your account.

How to Report a Phishing Scam

The UCLA Information Security Office requests that campus users report phishing messages to our team so that we can proactively alert campus users and bring awareness to widespread phishing campaigns. In order for the Information Security Office to take action in response to a reported phishing message, please follow these steps:

  1. Please follow instructions on How to Report a Phishing Scam
  2. Send the resulting message and attachment to security@ucla.edu with a subject line identifying the message as a phishing report.

It is important to be aware of fraudulent phishing schemes. Check back here as we update the list below with known phishing attempts.

Date Title Description
EVC/Provost Opportunity Phish Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks.
Settings Changed Phish Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlink. From: Microsoft Web-Team [mailto:Outlook@@ @ trx.outlok.com] Sent: Friday, January 26, 2018 4:16 AM To: Subject: settings changed Importance: High Outlook Office365 Email   We detected a recent sign-in Windows device. You are getting this email to make sure it was you. To help keep you safe, we require an extra security challenge   Click Here   This action will take a brief period before this request takes effect This is a mandatory communication about the service. To set communication preferences for other cases. © 2018 Outlook-Corporation All Rights Reserved Terms of use Privacy & Cookies
HR Team Phish Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: [username]@ucla.edu Subject: HR Team Greetings: You have a message from the HR Department Click here to view your message Sincerely, The Human Resources Talent Acquisition Team This is an automatically generated email, please do not reply.
[username]@[campus unit].ucla.edu Password Expiration Phish Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: IT Help Desk Subject: [username]@[campus unit].ucla.edu password expiration [campus unit].ucla.edu Hello [username] Password for [username]@[campus unit].ucla.edu expires today Tuesday, March 23, 2021 at 2:34 PM Keep Same Password [campus unit].ucla.edu (c) 2021
UNICEF Part-Time Job Opportunity Phish Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. TEXT OF PHISHING EMAIL From: [username]@ucla.edu Subject: UNICEF PART – TIME JOB OPPORTUNITY Good Day, I am a staff hear at the institution, a professor of Medicine shared a link for students who might be interested in PAID UNICEF PART-TIME POSITION job to make up to $400 (USD) weekly. Follow the link below for more info regarding the position – CLICK HERE NOTE: THIS IS STRICTLY A WORK FROM HOME POSITION. Sincerely, Dr. Daniel Spencer
Staff & Employee Benefits Phish Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From:   Sent: Friday, March 6, 2020 5:41 AM To: Subject: Staff & Employee Benefit All staff & employee are expected to  verify their email account for new payroll directory and adjustment for the month of March  benefit payment. Please kindly  Click MARCH-BENEFIT and complete the required directive to avoid omission of your benefit payment for March 2020 Thank you, Help Desk.
Recalculation of your Tax Refund Payment Phish Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: IRS Subject: Recalculation of your Tax Refund Payment Internal Revenue Service (IRS) Dear Applicant, After the last calculations of your annual tax refund, we have determined that you are eligible to receive an extra tax refund of 1400.00 USD Please submit the tax refund request and click here by having your tax refund sent to your account in due time. Please do not reply as the email address is not monitored for received mail.
We Need You Only If You Are Interested Phish Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: AMAZON TEAM To: Subject: we need you only if you are interested On: Tuesday, November 12, 2019 at 6:24 AM Dear MysteryShopper, We have a MysteryShopper position in your area and the wage is 250 to 300 dollars per assignment,we would like you to participate,therefore we are accepting applications for this job.It's fun and rewarding.After you sign up you will have access to training materials.Kindly,send the requested information below to be enlisted.
New Payroll Service Phish Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: Sent: Tuesday, October 15, 2019 8:54 AM To: Subject: NEW PAYROLL SERVICE ALL STAFF ; This notice is to inform all employee of the current general upgrade of our employee service.This upgrade would help the organization to offer all eligible employee their benefit plan and salary increment that contribute to their overall wellness.  These upgrade plans will provide you peace of mind today and years to come. All staff are hereby directed to re-validate their details in order to effect the new salary payment plan, increase in salary and entering of all eligible benefit and promotion. Kindly click on the link NEW PAYROLL SERVICE to re-validate your information and also apply for salary increment, promotion and enrollment of entitled benefits.
Question – Application For a Professor Position Phish Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. Subject: Question – application for a Professor position From: Martin Kroll Date: Sunday, October 13, 2019 at 6:10 PM Hello, I am interested to apply to your University for a Professor position. May I ask you to provide me with an email address for your human resources officer as well as the Dean of faculty/academic director who are in charge of the faculty recruitment process? Thank you very much for your support indeed. Best regards Dr. Martin Kroll
RE: ICT Technical Support Phish Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: Mabel Angelini To: Mabel Angelini Date, Friday, September 13, 2019 at 9:53 AM Subject: RE: ICT Technical Support We're migrating all e-mail accounts to Outlook Web App 2019, and all active account holders need to verify and sign in for the upgrade and migration to take effect. This is done to improve the security and efficiency of spam. NOTES: If you do not do so within the next 24 hours after receiving your request, we will contact you as soon as possible. Click on ICT Technical Support to migrate and block additional spam. Greetings, ICT management team, Outlook Web for employees.
Urgent Hire Phish Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: part-time job Date: Mon, Sep 2, 2019 at 11:33 AM Subject: URGENT HIRE To: The services of a student administrative assistant is urgently required to work Part-time and get paid $ 350 weekly. This position is open to  UCLA under- graduates only. If interested reply via this email address or text 8035971655 for further details. Thanks Prof. Damon Linda
Subject: Re:DF Phish Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: To: Date: Saturday, July 20, 2019 at 2:17 AM Subject: Re:df For your information The letter implies authority, of your account You will not be able to  send or receive messages. To activate Click the link  and complete the information required; Centurylink© 2019
Help Desk Phish Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: help desk Date: Wednesday, August 7, 2019 at 8:55 AM To:  Subject: Service Your e-mail password expires in 2 days to retain e-mail password and details. CLICK HERE to update immediately. Thank You. IT Help Desk. ©Copyright 2019. System Administrator
About: Ownership Confirmation of [account]@ucla.edu Phish Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: ucla.edu [mailto notification at server.com] >Sent: Monday, July 15, 2019 1:59 AM To: Subject: About: Ownership Confirmation of @ucla.edu   Dear  , Please see below detail notification for ucla.edu Date: Monday, July 15th, 2019 09:52 a.m Critical Date: Friday, July 19th, 2019 Reason: Reason: Pending incoming emails with attachments that you are yet to receive. Failure: Access to @ucla.edu  will be restricted until you confirm ownership. Session ID:  ucla.edu//wrdoogugjmroxiflrkga Confirm account ucla.edu Note:  Access to @ucla.edu  will be restricted within 48 (forty eight) working hours.